In a public Discourse instance, how do I make it impossible to list all users

We created a new instance of Discourse. It has multiple private categories and just one public category while the product we’re working on is in beta.

How do I make sure that for anonymous users there is absolutely no way to list all users through the API or through the UI?

The only settings I found that seem relevant are:

  • enable user directory
  • hide user profiles from public

Just wanna make 1000% sure I don’t expose the users list in any way. Please advise.

3 Likes

Depends on what you mean exactly by “exposing” users. Any user that posts in the public category will be public, and then it depends on what percentage of your users will interact in that specific category.

4 Likes

I mean for an anonymous user to reveal the list of users. Like e.g. listing all users through API, or seeing the list in “Top Users”, or through Search function, or in any other way that I’m unaware of.

3 Likes

Users can still be listed via the API unless your site isn’t public, aka, login required is enabled.

2 Likes

Is this correct behaviour provided I disabled the users directory?

Also, when you’re saying the list will still be exposed via API, do you mean to all anonymous users?

1 Like

That setting’s objective, AFAIK, is only to remove the user leaderboard.

Yes.

1 Like

Would it be possible to make it into a feature request? A way to make it impossible to list all users while having some public categories?

1 Like

Is that because it’s considered futile to hide that data if stuff is understandably exposed in unpredictable amounts from public topic lists in any case?

2 Likes

In our particular case, there is a group of people working on something, and only a small part of the group contributes to the public category.

2 Likes

I don’t think anyone planned it so much, it’s more that Discourse has two basic modes: public and private. The setting to hide the leaderboard does exactly what it says, it hides the leaderboard. Why would it do something extra?

Feel free to write up a spec of what you want, but as it’s very boring work to do and such a niche use case, you would have more luck posting it to the marketplace if you want to see it anytime soon.

1 Like

So, for now, it would seem sensible to spin up two instances if you value the complete privacy of a core group. Fair enough.

That said, it’s not like it’s exposing email addresses in any case.

3 Likes